Facebook takes steps to address privacy concerns

Story Tools

Facebook has taken steps in recent days to address more worries about privacy, warning employers not to ask prospective employees for their passwords and trying to clarify its user "rights and responsibilities" policies.

But the latter effort backfired when tens of thousands of users, mostly in Germany, misunderstood the clarifications and blasted the company. Their discontent showed that, no matter what Facebook does, privacy concerns are still the biggest threat to users' trust and to its growth.

"There is such an incredible level of scrutiny now about anything any company does about privacy," said Jules Polonetsky, director of the Future of Privacy Forum, an industry-backed think tank in Washington. "We are treating every single thing that touches privacy as a five-alarm fire. The risk of all these five-alarm level outbursts is that people will become inured about privacy and miss real privacy issues because of crying wolf when nothing is actually going on."

Users' willingness to share information is a key part of Facebook's business. The site makes the bulk of its money from ads that target users based on their personal information. Last year, the company earned a profit of $668 million and booked $3.7 billion of revenue, and it's preparing for an initial public offering later this spring that could be valued at as much as $100 billion.

Privacy issues have dogged Facebook for years. It settled with the Federal Trade Commission in November over allegations that it misled users about the handling of their personal information. Google Inc., a big rival, agreed to a similar settlement eight months earlier.

The latest ruckus happened when more than 30,000 German users posted that they were rejecting the company's proposed changes to its governing documents. But the changes amounted to nuanced revisions and clarifications of long-standing policies -- not a major overhaul.

The company, for instance, replaced the word "profile" with "timeline," since Facebook users now have a different type of profile. Facebook also changed "hateful" to "hate speech" in its description of prohibited content.

Still, users who read the documents for the first time noticed some things that alarmed them. For example, the document replaced the words "privacy policy" with "data-use policy," seemingly taking privacy out of the picture.

Facebook has been calling it a data-use policy since September, preferring to be more straightforward about its actual purpose. But the company makes so many subtle changes that it's easy to lose track.

"It's clear that some people fundamentally misunderstand our proposed changes. Our data-use policy governs how we use and collect data. That document is not changing at this time," Facebook spokesman Barry Schnitt said. "That's why we have this unique and transparent process, though -- so have an opportunity to clarify confusion and respond to user concerns. We look forward to doing so in the coming weeks."

Another worrisome discovery might have been the fact that applications that your Facebook friends use can gain access to your data on Facebook, even if you do not use the apps yourself. That's true, but it's been true since at least 2007 and well-documented elsewhere on the site.

The attention focused on Facebook's largely cosmetic changes reflect just how closely people watch the company.

"If they reposted the same privacy policy they had, everyone would be jumping up and down," said Polonetsky, a former chief privacy officer at AOL.

Sarah Downey, senior privacy strategist at an online privacy software provider called Abine, was among those criticizing Facebook this week. She said the company is being more straightforward about its business model and what it does by clarifying its documents. But that doesn't necessarily mean it's heading in the right direction.

"What we once thought of as a social network has really become an advertising network," she said.

On Friday, it was Facebook itself that raised alarms about privacy, warning employers not to ask job applicants for their passwords to the site so they can poke around on their profiles. The company threathened legal action against applications that violate its long-standing policy against sharing passwords.

The company action came after The Associated Press documented cases of job applicants who were asked, at the interview table, to reveal their Facebook passwords so their prospective employers can check their online profiles.

A Facebook executive cautioned that if an employer discovers that a job applicant is a member of a protected group, the employer may be vulnerable to claims of discrimination if it doesn't hire that person.

"As a user, you shouldn't be forced to share your private information and communications just to get a job," Erin Egan, Facebook's chief privacy officer of policy, wrote in a post. "And as the friend of a user, you shouldn't have to worry that your private information or communications will be revealed to someone you don't know and didn't intend to share with just because that user is looking for a job."

The post sparked comments from Facebook users, many of them thankful. But the number totaled only 108 -- a sign that when it comes to online privacy, it's far easier to stir anger than gratitude.